Effective date: 10 June 2026 · GoMedPay
GoMedPay is committed to compliance with the Protection of Personal Information Act 4 of 2013 (POPIA), which commenced on 1 July 2021. This statement explains how GoMedPay meets its obligations as both a Responsible Party and, in certain circumstances, as an Operator under POPIA.
GoMedPay is the Responsible Party for personal information collected through the GoMedPay website, including inquiry form submissions and newsletter subscriptions. We determine the purpose and means of processing this information.
When GoMedPay performs revenue cycle management services for a medical practice, we may process patient billing and claims data on behalf of that practice. In this capacity, GoMedPay acts as an Operator under POPIA — the practice remains the Responsible Party for its patient data, and GoMedPay is bound by a Data Processing Agreement (DPA) with the practice before any data is accessed. No patient data is accessed by GoMedPay without a signed DPA in place.
Name: Andile Memela CA(SA) CIA
Role: Information Officer, GoMedPay
Email: [email protected]
Website: www.gomedpay.co.za/about/
The Information Officer is responsible for ensuring GoMedPay's compliance with POPIA, handling data subject requests, and liaising with the Information Regulator of South Africa. If you have a question or request relating to your personal information, contact the Information Officer at the email address above.
Under POPIA sections 23–25, you have the following rights:
You may request a description of the personal information we hold about you and request a copy of that information.
You may request that inaccurate, misleading, out-of-date, incomplete, or unlawfully processed information be corrected or deleted. Deletion is subject to our legal retention obligations.
You may object to the processing of your personal information on grounds relating to your particular situation. You may object to direct marketing at any time using the unsubscribe link in any marketing email.
Where we rely on your consent to process personal information (e.g. newsletter subscriptions), you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
You may lodge a complaint with the Information Regulator of South Africa if you believe your rights under POPIA have been infringed.
To exercise any of these rights, please contact the Information Officer at [email protected]. We will respond within the time periods prescribed by POPIA.
If you are not satisfied with how GoMedPay has handled your personal information or your rights request, you may submit a complaint to the Information Regulator of South Africa:
Complaints may also be submitted using Form 5 (Complaint Form) available on the Information Regulator's website.
GoMedPay has implemented the following technical and organisational measures to safeguard personal information:
GoMedPay uses a double opt-in process for all newsletter subscriptions. When you subscribe, you receive a confirmation email with a unique link. Marketing emails are only sent after you click that link. Your consent timestamp and confirmation record are stored as a POPIA-compliant audit record. You may unsubscribe at any time using the link at the bottom of any marketing email.
GoMedPay's third-party service providers (SendGrid, Railway, Cloudflare) each operate under contractual terms that restrict them from using GoMedPay data for any purpose other than providing their services to us. Transfers to providers outside South Africa are governed by Standard Contractual Clauses. A list of current processors is maintained in our Privacy Policy.
GoMedPay reviews this Compliance Statement and its associated Privacy Policy annually or when material changes to processing activities occur. The last review date is reflected in the effective date at the top of this page.
Related: Privacy Policy · Terms of Service